IdStory Identity Manager

I pretty much struggle with account management, especially objects representation in GUI.

As I talk to customers and other IdM consultants, everyone struggle with it too. Better said, customers do not understand it and don't know how to use it even after several lessons (hours) and following tutorials (e.g. manually link an Identity and AD account).

The representation by Identity, Accounts and Entities is not easy to understand and pretty much confusing. I would like to either

• shrunk the representation into one object or
• (maybe easier way) abstract from the account and entity representation in GUI in e.g. following way:

One GUI agenda with easy to understand form of account list

IdM object | IdM Account id (sync/prov) | Account id (system) | Operations
Karel Novak(knovak) | knovak | karel.novak@domain.com | link,unlink/delete

common task done on agenda

• Manual link identity with AD account by selecting an identity and online selecting of account. Or select an identity and type AD account id (karel.novak@domain.com). During the manual link of identity to account, one must be able to add a role. Ids are filled from provisioning setting if exists.
• Remove link - keep Connected system Account or send DELETE on the account (choose one)
• show the Account details - all atributes on connected system and their values

Usual point of view of administrator is just easy as: Identity is in IdM and Account is in Active Directory, I do not care, how IdM store the link between IdM and AD account.

At the moment, I cannot see a situation, when we would like to work with separate account and entity objects.